Close encounter: Apple Macs invade the business world
How to manage the aliens
Companies big and small are running Macs. They are showing up everywhere, from IBM to Google to the SMB.
It has been a few years since I seriously looked at OSX in the enterprise and it is time to revisit the topic to see how things have changed.
When discussing Apple in the enterprise a clear line has to be drawn between mobile versus desktop. The reason is simply that if you don't, all the news about iOS wins drown out any discussion about OSX.
In the mobile world, Apple is a behemoth. It not only has a huge chunk of the consumer market, it has come to absolutely dominate enterprise mobility.
Last year Apple announced a major partnership with IBM whereby IBM would develop more than 100 high-end enterprise apps for iOS. Ever since, it is all anyone involved in Apple in the enterprise can talk about.
Speculation has run rampant on the hows and whys but these are actually pretty simple. IBM had a truly massive number of iOS devices in use. It needed to develop applications to support its workforce (and customers).
A bucketload of IBM cloud services are now going to be "mobile first" in development and delivery. Given that IBM has jettisoned much of its non-cloud business and ramped up investment in its SoftLayer cloud, that is not really so surprising.
Someone sat down with Apple and worked out a deal whereby those applications (and probably a few others) were coded and released. Apple got a nice press release out of it, and I am certain that IBM gained some say in how Apple is prioritising features.
It is a win/win for both parties, although hardly the world-changing announcement that the Apple blogosphere makes it out to be.
March of the mobiles
Unfortunately, margins are higher on mobile. One enterprise application that would be feature rich, complicated and a bit of a support nightmare as a desktop application can be sharded into dozens of mobile apps, each with its own price tag and cloud service.
Mobile devices allow you to track installations more carefully and IT departments are terrified of mobiles, so they will pay more per device to manage them. The result is a lot of sound and fury about mobile device management, and more and more companies quietly and slowly getting out of the desktop space altogether.
Rumours regularly run rampant that Apple will abandon desktops and notebooks altogether
This is especially true in the Apple ecosystem, where rumours regularly run rampant that Apple will either abandon desktops and notebooks altogether or abandon Intel and head to Arm notebooks, ditching OSX for some sort of franken-iOS hybrid thing.
IBM did not suddenly decide in the middle of last year "oh hey, we're going to go super crazy on iOS and this will totally change our company". The vendor has been using Macs for some time. A presentation given in 2012 by IBM's Chris Pepin showed that in 2011 IBM had approximately 10,000 iPads, 30,000 iPhones and 10,000 OSX macs.
IBM not only supports Macs internally, it creates and supports Apple solutions for its customers, and it is an area that appears to be growing. Despite the recent bloodbath at IBM, the company was hiring OSX specialists, even as it was cutting staff elsewhere.
Google has more than 43,000 Macs, probably the single biggest deployment of OSX devices out there, but there are plenty of other large enterprises that run Macs at scale.
Viacom is supposedly another of the large enterprise Mac users, as is (surprise, surprise) Apple itself. A Forrester report in 2012 found that up to four per cent of companies have issued Macs to at least some employees, while Apple's total take of the enterprise PC market was only about seven per cent. That is a lot of companies running heterogeneous environments.
Depending on how you shake analyst Gartner it will tell you that anywhere between five and seven per cent of enterprise desktops and notebooks are Apple. NetMarketShare mostly agrees, reporting OSX hovering at around seven per cent of the market for the past few years.
Apple is clearly not an imminent threat to Microsoft's Windows; Microsoft is perfectly capable of ruining Windows's appeal without outside help. But it is also clear that Macs in the enterprise are not a joke either. They are here and they must be dealt with.
Tools of the trade
When you are the size of IBM, you are not using Apple's enterprise management tools. You are not using Apple Server to bind it all together; Apple has given up on building enterprise server solutions or enterprise-class desktop management.
The honest truth is that you shouldn't be trying to hold Apple networks of larger than 25 or so together with the painful tools Apple ships.
When you are IBM or Google, you build your own. Google certainly has, and it has been pretty vocal about it over the years.
IBM has as well, but IBM can then turn around and sell that to customers. It is sort of what IBM does. I imagine that if Google could find a way to get businesses to agree to Google advertising all over their enterprise management software, it would make them available too.
After spending rather too much time digging into the technical bits around OSX in the enterprise, a few things became painfully clear to me. One is that not only does Apple's innate enterprise management suck, Apple really adds in management capabilities only when the big customers (IBM, Google and co) get raucous about it.
There is an entire swirling universe of companies out there that claim to support Apple but do so only in a limited way. Either they sell endpoint management that does Windows, Android, iOS, some other mobile operating system but not OSX, or they claim to do OSX and are outright terrible at it.
What surprised me was that despite near universal upset at Apple's paltry enterprise support, Apple's Remote Desktop (ARD) gets singled out for a lot of praise. It is surprising because the same people doing the praising will in the same breath complain that it is traditionally quite unstable.
Apple went more than a year between major version updates (October 2013 to January 2015), and it is only the latest version that added support for the newest version of OSX, Yosemite. So why the love/hate relationship?
The short version is that “it is the best available". ARD costs only $80 and offers an interesting tool chest for the Apple administrator. It is something that you would have to have multiple tools for in Windows.
ARD can do remote searches of a client's file system, run scripts, install applications or transfer files on clients, pull history and provide some basic analytics. It even does it in a mostly usable interface.
To get something similar in the Windows world you have to mash up the Devolutions Remote Desktop Manager, TeamViewer and Ninite. To be fair, that would be an amazing tool and I am pretty sure I would install it everywhere.
JAMF has a few different offerings but this seems to be the only third-party apple enterprise management solution that everyone can agree does not make administrators go stark raving mad.
However, JAMF is Apple-only. This, I think, is where Altiris comes in. Altiris will drive you, me and the dog next door absolutely batty, but it seems that among those who need one management solution to rule them all, Altiris is consistently ranked as the least horrible of the bunch.
What I find interesting, however, is that as I dig into DevOps-supported OSX environments, lots of people are still talking about using Puppet alongside JAMF, or at least alongside ARD.
The biggest problem with using Apple in the enterprise is not that it is all that hard, it is that there is a really low signal-to-noise ratio about how to go about it. Everyone seems to want to claim that they can handle Macs in the enterprise, but when you start drilling down it is not so simple.
Real-world deployments are layers of custom solutions married to third-party software, or they are multiple pieces of third-party software used together to get the sort of coverage desired. In the end, Apple in the enterprise is entirely doable but it comes at a pretty steep cost per unit.
In the real world, the cost of an Apple desktop or notebook is not very much higher than a Windows-based box. The cost of the management tools required, however, can easily be double or even triple the price.
In the next installment of this series, we will take a deep dive into how these tools are woven together to form these solutions. ®
Sponsored: Customer Identity and Access Management